Detection(s): BlackBasta
| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| FILE | 2024-09-04 09:06:34 | 2024-09-04 09:11:10 | 276 seconds | 2.4-CAPE |
| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| win10 | win10 | KVM | 2024-09-04 09:06:34 | 2024-09-04 09:11:09 |
| Filename |
BlackBasta_03.exe
|
|---|---|
| File Type | PE32+ executable (console) x86-64, for MS Windows |
| File Size | 733696 bytes |
| MD5 | ac625552601c190656dcb8cf4c21cd1d |
| SHA1 | acad7a91c2812a0652d62f252774454c217666e9 |
| SHA256 | 03309c90e6c60a2e3cd44374efa3003ae10cd9e05ba6a39c77aa5289b32cb969 [VT] [MWDB] [Bazaar] |
| SHA3-384 | 053a729ab54543324beda7a925e60fa2bbcd17dc12a46a8904763bf55b39207e8653fb09e1ea24aff0d3698e67cd07a1 |
| CRC32 | AA53D04A |
| TLSH | T100F47C2A779C01F8E177D2798C954646F7F17C0613615BCF83A04AAA2F2F6B41E7A390 |
| Ssdeep | 12288:nB6xrkyoUKbidQN0M2TNK36YPiCuL1+jZ5tXdAD6x/NJxaZUzrd9gW6PdrO5SAou:nwrkyoUGJJgWQrOUAua |
| Yara |
|
| PE | Strings |
|
OpenMutexW
ATAVAWH
.?AVerror_category@std@@
T$<9T$8
99~CE
8\uKH;
th-TH
fD94Q}
delete
es-EC
.?AV?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
:\u9I
GetVolumePathNamesForVolumeNameW
*6,R*
)D$@f
bs-ba-latn
D$Pf;
es-VE
\$@E;
\$<Ic
`default constructor closure'
j>>A?1
9Cu,fD9y
C:\Windows\SysNative\vssadmin.exe delete shadows /all /quiet
@A_A^A]A\_
ar-LY
T$`A9r
.rdata
&?PPPPPPP?
tpH91uk
c?FA@s}
0A_A^A]A\_^[
fC9Du
H9D$P
l$HD8G
,H0JB9
remoteregistry
A_A^A]A\_
|$ E3
pA_A^A\_^[]
H;D$@s_H
hi-IN
GetFileSizeEx
@UAVAWH
sq-AL
l$@A_A^A]A\_^
fD9$wu
LC_NUMERIC
en-us
|$hH;
@USWH
A^_[
u~9t$Xt
vAD8s(t
< t <$
SetEnvironmentVariableW
ntdll
|$ ATAVAWH
`A_A^A]A\_][
D$`f;
GetTickCount64
8\u9I
D8|$1u
D8[(u
,R%ku
CoInitializeSecurity
gl-ES
L$bL;
A_A^A]_[
oKP;e
.CRT$XTZ
<requestedPrivileges>
@_RDATA
L9=G/
-bomb
it-ch
.?AV_com_error@@
nn-no
n]?iJ
\$gm?
.>PJ;I:qE>
broken pipe
ar-AE
p*W4H
APD90~
R,VTZ,\.^,b
L$PH3
.?AV?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
ca-ES
EH*?H
bad address
\$ UVAWH
A8L90t
ar-sy
ur-PK
EM/M+
conhost.exe
'L-,e
u,9\$0~LL
address family not supported
czech
t$HE8U
g'#~cR
GetDateFormatEx
hr-ba
Pmluc
f#D$@H
Q5rHg,>
ext-ms-
;D$ t
-forcepath
/>58d%
Application Data
Vr.>T
da-DK
t-Lck
0A_A^A\
GetStartupInfoW
?8bunz8
AllocateAndInitializeSid
(
zh-cht
SleepConditionVariableSRW
-nomutex
et-ee
%H : %M
A_A]A\
xh-ZA
ar-sa
SUVWATAVAWH
*v+t*
RtlCaptureContext
inappropriate io control operation
no message
ot$ H
hr-hr
`eh vector copy constructor iterator'
CT$XH
)D$`H
@.data
en-NZ
|$(A^
8e:?C
L9=3:
A_A^^
K(sL<s
termservice
H95<8
G L;C u
L$@H3
ar-om
fD94iu
l$hA8_
__unaligned
.?AVsystem_error@std@@
RtlLookupFunctionEntry
pl-pl
T$<E3
spanish-uruguay
(t$ A
ar-jo
L9=8;
A+P@H
u4D9v
lv-lv
0A_A^A]A\_^]
0A_A^_
fB94ht
H3E H3E
en-gb
ns-za
__eabi
CloseThreadpoolWait
zh-MO
be-by
he-IL
\DefaultIcon
ko-KR
r:f;\$|
L$0fI
.?AV?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
;;D:8
D$HL9gXt
sr-BA-Cyrl
mwtMH
fr-CH
K0HcQ
`eh vector destructor iterator'
fA9,@u
D$0ta
CopyFileW
fE9!fA
sma-se
mk-MK
samss
en-ph
spanish-peru
sl-si
t$8H+
t$0;/~
holland
MoveFileW
es-PE
A_A^A]A\_^]
\$ VAVAWH
_cabs
p[WPN
|$ UAVAWH
T$PD+
D$0tj
.?AV_Facet_base@std@@
|$PE3
p0R^G'
+L$DA
wGHcN
-sf32
.CRT$XCU
t$ WATAUAVAWH
t[fff
L9=BJ
.rtc$TAA
l$8E3
DeleteCriticalSection
!H+}0
.rtc$IZZ
ar-bh
de-at
?QY^&
GetLastError
@84)u
D$pf;
CT$`H
english-aus
t$4Ic
D$`9X
.?AV_System_error@std@@
H954E
sms-FI
Z\>z8
es-GT
\$ VWATAUAVH
D8T$1u
\$ WH
too many files open
`omni callsig'
puerto-rico
IsValidLocaleName
es-BO
|$ UH
t$`L#
<%ucI
0A^_^
fD9t$b
`string'
<Ct-<D
0123456789-+Ee
|$0H;
Bmluc
vctip.exe
es-mx
L,N0P"N
HcS H
.rtc$TZZ
(t$PH
ole32.dll
rbf;\$l
UnVWg
not supported
restrict(
spanish-mexican
|$0E3
^,tyI
8_^][
GetConsoleOutputCP
ar-OM
s AWH
V::::
<:w]H
h>1my
ml-in
.CRT$XPZ
G H;G
es-uy
sr-ba-cyrl
.rdata$T
f;\$4
TryAcquireSRWLockExclusive
Local Settings
LocalAlloc
S>$hkDh$h>[2
tn-ZA
cross device link
CONOUT$
__cdecl
.?AV?$moneypunct@_W$00@std@@
PA_A^A]A\_^]
.?AV?$codecvt@GDU_Mbstatet@@@std@@
*StO9>T
spanish-ecuador
network reset
english-caribbean
%.0Lf
serviceHub.dataWarehouseHost.exe
(D$`H
f;\$4r
es-cr
Il?333333c?
>jtm}S
file exists
|$HE3
new-zealand
<+uaH
zh-SG
VWAUAVAWH
l$ VWATAVAWH
sms-fi
quz-PE
az-az-cyrl
trinidad & tobago
`dynamic atexit destructor for '
.rtc$IAA
$mluc
>H;|$P
D$`I9
x ATAVAWH
u1!D$0H
(taY/
de-LU
se-no
fD9"u
%H : %M : %S
es-pa
__swift_1
3>N;kU
F8$8u
@A^A]A\_^
fA99}
CreateSemaphoreW
u%@8j(t
.?AVlength_error@std@@
D81uUL9r
!0Ap@`"P
spanish-costa rica
__swift_2
]>)2X
!>6'Y
de-de
AreFileApisANSI
netsvcs
L$ E3
L$0f;
en-US
.?AV?$basic_ios@_WU?$char_traits@_W@std@@@std@@
tt-ru
<+uXH
|$ L+
vaultsvc
8D$8u<H
wwwwwwww
gl-es
A_A^_
,PKUbg
.?AVios_base@std@@
@A_A^A]A\_^[
HHtgD
FreeLibraryWhenCallbackReturns
tyfD9 tsH
FindClose
(D$0f
GetFileType
dlaksjdoiwq.jpg
cR^cR
HcO H
resource deadlock would occur
timed out
gu-in
FindNextVolumeW
D$P%H
sv(E3
A_A^A\_^
9D$Pu
L$8H3
english-south africa
nl-NL
SetUnhandledExceptionFilter
CWD>~3
GetFileAttributesExW
A_A^_^[]
0iN>/
connection refused
:\uKL;
H9L$Ht?H
|b=})>
+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
(t$`H
y\PD>!
9\uBH
d$ UAVAWH
rKf;\$t
sr-sp-cyrl
already connected
netlogon
u$D8r(t
x UAVAWH
$D8T$2u
|$xL;
)D$`M
A_A^A\_^
t$@A;
3Wl{7
fD9!H
.CRT$XIAC
.?AVlogic_error@std@@
L$0fH
tr-tr
de-DE
f9<H}
utKf;
zh-CHS
A8^8}SD
D$pfA;
,HR>O
zh-cn
.idata$3
t$XE3
D8T$3uVH
executable format error
SetThreadpoolTimer
GetLocaleInfoW
|$@-D
en-cb
p WAVAWH
L!|$(L!
f;\$<r
slovak
SleepConditionVariableCS
D$Xf;
bp(=>?g
SetEndOfFile
CreateEventExW
;H9>&X
NAN(IND)
CloseThreadpoolWork
GetExitCodeThread
HA_A^A]A\_^][
D8i(u
hr-BA
SetSecurityDescriptorDacl
ffffff
OLEAUT32.dll
@8k(t
PATH3
australian
fr-lu
api-ms-win-security-systemfunctions-l1-1-0
.?AVtype_info@@
f9<Au
t$HD8D$0t
quz-EC
svchost.exe
\$@H;
E8q(u
el-gr
((((( H
T$XH;
keyiso
french-belgian
kernel32
dddd, MMMM dd, yyyy
L$HH3
~,*u<I
SetFileSecurityW
.CRT$XIA
quz-pe
l$xM+
es-ES
L9=_F
quz-bo
ReadConsoleW
A>pP&
D$2fE
TlsFree
hong-kong
.?AV?$moneypunct@G$0A@@std@@
not a stream
L$@L+N
api-ms-win-core-xstate-l2-1-0
pl-PL
winlogon.exe
D$8f;
;\$p|
A8H90t
v}`[>
bad cast
spanish-modern
A>l$/
T$@I;
D$0H#
fJBGo
A_A^]
(|$0@
OHKGb
FreeEnvironmentStringsW
ExitThread
December
UTF-16LEUNICODE
.?AV?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
A_A^A]
obwQ4
.?AV?$moneypunct@D$0A@@std@@
$dmnd
.rsrc$02
sma-SE
\$pH;
zu-za
CL$(L+
.?AV?$_Iosb@H@std@@
spanish-chile
L$xf;
minkernel\crts\ucrt\inc\corecrt_internal_strtox.h
A__^][
HcK H
l$4D8t$2u
es-CL
<0ugH
C H;C
GetExitCodeProcess
!_is_double
D$0H+
:>t6k'
c [1>H'
FlushProcessWriteBuffers
en-za
german-lichtenstein
USER32.dll
fr-ca
Ct$8H
t$PE8]
\$1D8W
api-ms-win-core-fibers-l1-1-1
winmgmt
gTRC
8-uGH
CreateSymbolicLinkW
not connected
cy-GB
spanish-bolivia
uz-uz-latn
YD$@f
+h->|
.?AV?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
D;t$@}
<:wbH
smn-fi
D$pE3
NAN(SNAN)
__ptr64
HeapFree
it-CH
rundll32.exe
x}UYyW
FormatMessageA
lanmanserver
OF>;^
ar-kw
HHtbH
D$HI;
__fastcall
CreateMutexW
T$8A;
ar-ma
pa-IN
en-TT
L!d$(L!d$@D
rpclocator
fB9<Bu
A^][
L$@uU
Wednesday
rpcss
H WATAUAVAWH
A_A]A\_^[
nl-BE
GetVolumeInformationW
cmd.exe
raB3G
9|$<}
mk-mk
b?^Cy
dcomlaunch
FlsFree
.:e(:
.pdata
sv2E3
\?GUn*-
8A^A]_[
be-BY
L$&8\$&t,8Y
Input is not valid base64-encoded data.
L$0H3
.?AV_Generic_error_category@std@@
zh-TW
.?AVfailure@ios_base@std@@
A^_^
L?UUUUUUU?
@SUVWH
~ $s%r
api-ms-win-core-datetime-l1-1-1
N>O=I9
div-mv
UWATAWH
?7zQ6$
j?{$*
D$8D8T$1
RaiseException
tUH95
VWAUH
tokenbroker
l$0D+ D9
file too large
fB9<{u
:\tRI
UWAVH
.?AU_Crt_new_delete@std@@
,X< w
?!5WOo
WaitForThreadpoolTimerCallbacks
u9!\$0
D$@f;
V6E>`"(5
es-AR
fD9<Hu
GetACP
H+L$(x<H
.?AVfilesystem_error@filesystem@ghc@@
H[><y5
pr-china
l$ E3
HcE_H
operator ""
H9=*'
9\t!L
_logb
SystemFunction036
mscoree.dll
L9=J=
SVWATAUAWH
f;\$D
SVWAVH
\$0E3
QueryPerformanceCounter
L$pf;
.?AV?$codecvt@DDU_Mbstatet@@@std@@
en-PH
GetSystemTimeAsFileTime
LC_MONETARY
..om?
tr-TR
.?AVstl_critical_section_vista@details@Concurrency@@
ReleaseSRWLockExclusive
l$@A9F
ERRRRRRRROr %i
LoadLibraryExW
D$PH;
9\uyE
oI>O7
tvLcs
%I : %M : %S %p
-d42h
PA^_]
hu-HU
WLDAP32.dll
s9e(N
destination address required
CoCreateInstance
@A^A\_
D$@M;
fr-be
L;K u>M
?@En[vP
ReturnValue
en-zw
|$ H;
L$Pf;
@.rsrc
@SUVATAUH
SUVWAWH
E/uaH
@cprt
L$PL;
es-DO
ar-QA
BF>^G
.?AV?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@
E>nEA
message size
ENCRYPTION
sr-SP-Cyrl
A^_^[]
`local vftable'
,/<-w
pa-in
\$ UVWH
britain
TlsGetValue
__stdcall
January
t'HcW
A9,A$
)D$`f
GetNativeSystemInfo
eu-es
coremessagingregistrar
es-co
(d*&.
WAVAWH
ru-ru
se-se
L$ UVWATAUAVAWH
ar-TN
L$ |+L;
LC_TIME
se-FI
en-IE
.00cfg
PJCf*
f9)u4H9j
quz-ec
C H9C
en-ZW
X @8u
November
</assembly>
`dynamic initializer for '
RtlUnwind
operation not permitted
english-nz
GetSystemTimePreciseAsFileTime
f;\$T
HcQ<H
LCIDToLocaleName
serviceHub.host.clr.x64.exe
sw-KE
B(I9A(
fi-fi
UTF-8
}HfD9#A
p AWH
+f)>0'
t$ WAVAWH
D$2E3
|$0A_A^
(t$ H
CreateThreadpoolWork
D$P%I
l$ A9)v@H
l$0I9h
InitializeSRWLock
\$$3}
es-NI
A_A^A\_^][
,rXYZ
.rdata$r
A^^[
MultiByteToWideChar
hr-HR
ar-IQ
api-ms-
api-ms-win-core-sysinfo-l1-2-1
'>999
MT$@L
.?AUtime_base@std@@
fB9<@u
GetTimeFormatW
D$0@8{
string too long
A_A^A]A\_
8Ht;I
L$8f;
bs-BA-Latn
connection reset
ja-JP
sma-NO
tYH;9t
l$0E3
tEHcR
0A^A\_^[
sr-BA-Latn
.tls$
\$ fD
April
|$8L;
`vector copy constructor iterator'
A_A^A]A\_^[
pA_A^A]A\_^]
mt-mt
.?AVcodecvt_base@std@@
L;C u
value too large
bad file descriptor
XA_A^A]A\_^][
zh-chs
t$DA;
<:wXH
D$PH+
A_A\_]
`managed vector destructor iterator'
8\tRI
`vector vbase constructor iterator'
\$1D8O
CreateFileW
CreateSemaphoreExW
bad message
invalid hash bucket count
0123456789ABCDEFabcdef-+XxPp
u<g~l<it[<ntP<ot,<pt
no link
xWI96tRI
n03>Pu
api-ms-win-appmodel-runtime-l1-1-2
SHELL32.dll
kk-kz
d$IfD
UUUUUU
ios_base::failbit set
d$4E3
$< t6<$t,<+t"<vt
E80t"A
.dc=app,dc=net
Friday
ky-KG
GetCurrentDirectoryW
rNf;\$t
es-UY
frexp
D8yhu
invalid vector subscript
UVWAVAWH
August
A_A^A\_]
FlsSetValue
8\uPH;
.?AV?$codecvt@_WDU_Mbstatet@@@std@@
CT$XL
t$0A^_
D8T$2
A8}(u
H;5mK
msvsmon.exe
D$hf;
fi-FI
80tWD
MT$HL
.xJ>Hf
e+000
GetOEMCP
L$Xf;
TerminateProcess
se-fi
Y>kX>M
HcUoL
es-py
GetLocaleInfoEx
smj-SE
D$18F(u
@A_A^A]
~jA;9~
UVWATAWH
spanish-panama
{ AVH
t$4E3
CreateThreadpoolTimer
gmp_default_alloc: Virtual memory exhausted.
InitializeSListHead
D$HH+
A9<Fu
C>TQ
BC?>6t9^
)D$ L
gmp_default_realloc: Virtual memory exhausted.
u/HcH<H
E0HcH
Zod(^?
L$ WH
tDE3
uz-uz-cyrl
american
NTUSER.DAT
state not recoverable
.?AV?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
[chrm
rsf;\$d
D84:u
:u A8N
england
kn-IN
.rdata$zzzdbg
(samAccountType=805306369)
</security>
D8l$pt
A_A^A]A\_^]
de-lu
GetModuleHandleExW
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
fa-IR
ar-ae
l$HL9n
October
ResetEvent
LcA<E3
chinese-traditional
|$8tiI
H9E'H
9\$hu
A_A^A]A\_^[]
l$ WATAVH
_RDATA
ar-LB
fr-LU
APD9(~
0A_A^A\_^][
9\tHI
=>oNHj
am/pm
"e?<<<<<<l?
ReleaseMutex
GetCommandLineW
_is_double
8D$@t
f9t$bu
`vector vbase copy constructor iterator'
it-it
t$@A_A^A]A\_
#IN%[
UATAUAVAWH
D$0I;
\$8H;
D$pHc
0><[cZUg^>
D!l$xA
SUVWAVH
mr-IN
mi-nz
`virtual displacement map'
svDE3
ns-ZA
L$4|?L
Your data are stolen and encrypted
H97u+A
no child process
APD98~
.CRT$XIAA
@A_A^A\_^
I+4$H
ar-tn
d$0D9|$`
__crt_strtox::floating_point_value::as_double
en-bz
api-ms-win-rtcore-ntuser-window-l1-1-0
(D$`L
no protocol option
chinese-simplified
8-uCH
es-sv
L$ WATAUAVAWH
bTRC
GetComputerNameExW
9^ t"H
0A^A\_
t7HcP
VWATAVAW
D8}?t
E0Lc`
.?AV?$collate@G@std@@
< t=<
ar-DZ
t?HcS
+M<7>
.text$mn
gfffffff
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
ExitProcess
L$@f;
d<-u`H
H9=oD
.?AV?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
6acspAPPL
H9=bm
[aOni*{
February
.CRT$XLA
de-AT
%m / %d / %y
A_A]A\_^[]
H9D$8t%
unordered_map/set too long
operation canceled
ar-dz
FlsAlloc
ro-RO
KERNEL32.dll
A8L98t
uW;S
ldexp
sa-IN
F>qUxv
false
:\u8H
t$pE3
t$0E3
api-ms-win-core-winrt-l1-1-0
.?AUctype_base@std@@
@SUVWATAVAWH
Stuf;
tn-za
Your company id for log in: 5f19e2b1-ca23-4d1d-b642-de2543c02742
ar-eg
Forced path: %ls
0A__^[]
t%fE9
english-american
th-th
zh-tw
K&>.yC
vector too long
pt-PT
L$<A;
|$(E3
A_A^A]_^
fffff
|$(M;
@A_A^A\_^[]
VWAWH
SNAN)
t$ UWAUAVAWH
`udt returning'
GetTickCount
D$ I;
ext-ms-win-ntuser-dialogbox-l1-1-0
italian-swiss
d$dD;d$ltY
A_A^A\_^[]
D$PL;
0X8b?~
?{Q}<
portuguese-brazilian
D$@H;F
__vectorcall
D$(E3
fD9$Hu
Force path
o|$0f
68:HP
expaL
H9D$8t0
function not supported
<}wTI
ADVAPI32.dll
Sunday
gu-IN
.CRT$XPX
`vector deleting destructor'
`vector constructor iterator'
f;\$<
GetCPInfo
L$(H3
nb-no
<St[@:
FindFirstFileExW
VWATAVAWH
|$HH;
sv-se
fE9<Au
VWAVH
)|B?d!
SVWATAVH
pA_A^A]A\_^[
Done time: %.4f seconds, encrypted: %.4f gb
You can contact us and decrypt one file for free on this TOR site
tSf91tNH
zu-ZA
.?AUmoney_base@std@@
C:\Windows\System32\vssadmin.exe delete shadows /all /quiet
D$pA+
=imb;D
sma-no
@8|$Ht
C|$8H
.CRT$XCA
(null)
SHChangeNotify
t$ WHc\$03
.CRT$XPA
devenv.exe
`.rdata
wrong protocol type
L9BHA
GetModuleFileNameW
Base Class Array'
t$HA_A^A]A\_
io error
rvf;\$d
`A^_^
operator
(t$0H
:\uSL;
L$0I;
AppPolicyGetThreadInitializationType
L$ L;
P>q_Y~
|$49}
(you should download and install TOR browser first https://torproject.org)
A^_^][
fD92t
kE>fvw
UA>N0Wl
D$8fE
fD9,pu
t @8x
Tuesday
chinese-singapore
Hc-G.
D$@H+
u^A8G
SetStdHandle
chinese
SUAVH
too many links
fA9,Au
CompareStringEx
\$(E3
.?AUmessages_base@std@@
L$(E3
E0t H
.basta
:\uVL;
L$<9L$@
powershell.exe
L9=g9
TlsAlloc
H9=:%
f;\$\
fffffff
InitializeSecurityDescriptor
fB9<Hu
api-ms-win-core-string-l1-1-0
hu-hu
nXYZ
e0A_A^A]A\]
address not available
x9obw
\$ E3
az-az-latn
.i?0@I
8\t H
|$ UATAUAVAWH
.?AV?$moneypunct@_W$0A@@std@@
L$Hf;
Lj[;>
$Recycle.Bin
CloseHandle
CL$(N
[*ncd>0
spanish-puerto rico
\mluc
en-nz
fA9,Qu
f9,^u
L95)n
mr-in
u3HcH<H
kL@8o(u
EnterCriticalSection
_hypot
:\tIH
-lcms
operation in progress
t$ UWAVH
twIcF
MM/dd/yy
t$(I;
sihost.exe
explorer.exe
USVWATAUAVAWH
fD91uTL9r
r_f;\$l
en-JM
vi-VN
chrm
V&kg(zHT
@A^_]
H9E(H
comsysapp
invalid string position
(D$ f
fA99t A
lv-LV
nan(ind)
.?AV?$_Mpunct@D@std@@
|$ AVH
|$4Ic
`eh vector constructor iterator'
\$8I;
dutch-belgian
ar-iq
NfD9d$pu
mpz_powm: Negative exponent and non-invertible base.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
@UVWATAUAVAWH
english-ire
regsvr32.exe
api-ms-win-core-localization-obsolete-l1-2-0
;I9}(tiH
nb-NO
K~Je#>!
fr-fr
H9t$@t
F H9F
norwegian-nynorsk
` M9fh
english-trinidad y tobago
permission denied
L9=/;
vboxservice
D$8L9
L$0H;
english-can
D$PE3
No forced path found
D$xE3
SUVWATAUAVAWH
SetEntriesInAclW
3>fvw
0A^A]A\_^][
camsvc
;.u1L
es-PR
A_A\_^]
no such device or address
t(fff
mpz_import: Nails not supported.
smj-se
Init error:
HH:mm:ss
A8L9(t
es-SV
t$HE3
f9<Ju
CompareStringW
fE98t'
t'<Zt
gfffffffI
america
quz-BO
china
H9=*#
0A^^[
D$HI+
|$ AVA
.?AVfacet@locale@std@@
d7.t]
MGD;}
`hr |
`managed vector copy constructor iterator'
french-canadian
ko-kr
A_^]
fD9 t
)D$ H
af-za
(T?j?Y
swedish-finland
CreateProcessW
.CRT$XPXA
D$HE3
.?AV?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
VT$PD
ar-YE
.?AV_Locimp@locale@std@@
floor
ro-ro
IsDebuggerPresent
.?AV?$ctype@D@std@@
french-swiss
L9=}I
mt-MT
es-do
div-MV
H9=w7
SetThreadpoolWait
sl-SI
uk-ua
hi-in
es-CO
`vftable'
FormatMessageW
smj-no
.data$r
not enough memory
InitializeCriticalSectionAndSpinCount
user32
&7*#R
L9=0H
T$ D)s
fG9$Ou
illegal byte sequence
appinfo
GetTempPathW
ms-my
?TY,>5
msbuild.exe
__based(
D$@H;
T$PE3
[<-uWH
.?AV?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AVstl_critical_section_interface@details@Concurrency@@
not a socket
no stream resources
:\umE
`managed vector constructor iterator'
uz-UZ-Cyrl
ml-IN
spanish-el salvador
english-jamaica
fD91u
.?AV?$_Mpunct@G@std@@
<:wSH
Md$@A
mpz_powm: Zero modulo.
L$ SUVWH
fD9,Au
fD9!u
zh-HK
E8a(u
c(>\,
r7f;\$|
D;\$0~CE3
bad array new length
D$BH;
:\uRL;
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Type Descriptor'
bad conversion
D$h9t$P
HeapReAlloc
NkqQn
v@D8s(t
f9,Hu
?:kP<
usE8E
D$1E3
UVWATAUAVAWH
sa-in
ur-pk
:\urE
ar-KW
D$@E3
zh-mo
fkdjsadasd.ico
@.reloc
`RTTI
bn-IN
t$`H+
.text$di
\$0eH
id-ID
Error 755: %i
gfffL
not a directory
CommandLine
4p#S4
USVWATAVAWH
ext-ms-win-ntuser-windowstation-l1-1-0
sr-sp-latn
|$XH;
serviceHub.vsdetouredhost.exe
af-ZA
A_A^A]A\]
L90u$H
SUWATAUAVAWH
GetUserDefaultLCID
98t H
IsValidLocale
L$ fff
CreateThreadpoolWait
spanish-argentina
ja-jp
`local static thread guard'
.?AV?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
hy-AM
A\_^
french-luxembourg
.xdata$x
l$`I+
_nextafter
@SVWATAUAVAWH
\$ UVWATAUAVAWH
fr-MC
HeapSize
fa-ir
ineID
L$h;M
fD94H}aD
LCMapStringW
ugA8G
|$`CI
ar-JO
result out of range
ar-lb
abcdefghijklmnopqrstuvwxyz
\$0H;
D+{HD+
6wtpt
LocalFree
nn-NO
.?AV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@
t4dU7xaRfZLDyHeCjMn3Vb5vUL9Z9pVWm0UKfaq6UuN/3p+htNjT8qx9QiAfc/w3gVDsrNplXUebAbwYLH3DArItBNTrxcn8hr/y0dT0w+2pxjMp2oOtWKWVq8ClfJhdlv/NTeQb9CCI+JkhEArvACvftxVAmlWmTEAaUKdu1Pu8+odY9iDjR6CWZQEDPtHL3m8gVYP1sG2K/BTK1PzH3bPMajXKvc1SdWYXCfO0pryB5u+8RJ/1XPwVHyyAaGALRZ32RwA1IxkX+d5H08uLWwiUkb71IdTYjLMa35P1RH+6URv+u4VrgndKYgB8te+TixmTdstdBm1+wtCyzzomKRf048yWUMKJoFtst8S0qH/gegs6gusltOgBfaTV/5MvCLs9DAD7+tlem+iMuSYUMqoReSqofx3iR0YEalegjqCvEMDg90Uyot3x06TeniYNqsQbh6+907l4DrJ3xf11TWSfdfjE8VIMWftbkQrgc3QJyDjFombVyjjJVQ0diyZ93BefPt8eg/L6EnTkRnpFhRkrlcw3YiaEvYAH90w1rc1gXMa7qqGus3kcts296SZb+fKDqFfOW26Lp8ItbGF6SS17eRh4Y767ec9jqMCGcsu6YAGqsiU6xCWr3K9WAg05lAf/qw7m33tB+RMJvPyF+xBtyS9v3rTBDQPSRwAayuE=
EnumSystemLocalesEx
SubmitThreadpoolWork
EnumSystemLocalesW
en-CB
T$(H+
.idata$2
D,$<
bg-BG
GetFileAttributesW
L+T$@
D$8H;
fA9,vu
GetCurrentThreadId
.CRT$XCC
L;|$X
D;sHu
t$8;;
9\$0u
;\$0|
FreeLibrary
Unknown exception
`vbtable'
t(LcuoH;
E+A@H
b(oGL
@UWAVH
mpz_div_qr: Divide by zero.
bad locale name
H;~ H
eLK(w
426,4
?49HoKC
chinese-hongkong
&$$$"$ $
Documents and Settings
no lock available
brokerinfrastructure
en-au
.?AV?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
no such device
@SUVWAVH
`+!]?
D8yDt
ta-IN
smn-FI
@SVATAVH
Go?K
IND)ind)
L$<E3
operator<=>
eventsystem
SVWATAUAVAWH
german-luxembourg
Complete Object Locator'
`placement delete[] closure'
wuauserv
"gRichh
es-PA
es-pr
FindNextFileW
t$Nhb"
:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
api-ms-win-core-file-l1-2-2
es-es
tRLcY
en-jm
CD$8D
WATAUAVAWH
ka-GE
fo-fo
.?AV?$ctype@_W@std@@
irish-english
uk-UA
d$HE3
wsearch
\$@E3
`local vftable constructor closure'
GetTimeFormatEx
az-AZ-Cyrl
__clrcall
EncodePointer
`A_A^_^]
FindFirstVolumeW
@USVWATAUAWH
\$HE;
fB94Ou
dllhost.exe
.?AV?$moneypunct@D$00@std@@
Base Class Descriptor at (
t$ WAVE3
L9#t!H
t$`E3
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
`copy constructor closure'
@SWAUAVAWH
device or resource busy
english-us
WaitForSingleObjectEx
L$<9L$P
LCMapStringEx
t$ AVH
%b %d %H : %M : %S %Y
<0ufH
|$DE3
|$@A9T
emRoH
LC_CTYPE
L95%j
`vbase destructor'
spanish-venezuela
spanish-honduras
advapi32
L$@E3
utf-8
zh-sg
f;\$L
|$0H+
GetEnvironmentStringsW
March
Z.3.8\
inity
f9,Yu
en-tt
v&=xV
A8L9 t
:a6CL5
t$ WH
?+>^m
<A\u@H
T$PH;
.?AV_Iostream_error_category2@std@@
c0&>`
iphlpsvc
fE9,Fu
operator co_await
s WAVAWH
pA^_^][
INITY
(oGLR$
owner dead
%GoU?*
GetStdHandle
TUUUU
.?AVbad_cast@std@@
@8j(t
.?AV?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
l$ VWATH
RoInitialize
\$ UVWAVAWH
bn-in
gfffA
\root\cimv2
.?AV?$messages@D@std@@
L$ SVWH
H+L$`H
`A_A^A]A\_^]
ntelA
T$PH3
D$0H;
s5fE9!
D$(L;
.?AVbad_exception@std@@
D8t$ht
english-belize
pr china
1#QNAN
fB9,Nu
ScD$~
ATAUAVH
<xuL@
.CRT$XIZ
sw-ke
GetFileInformationByHandleEx
September
.CRT$XCZ
ATAUAWH
SetFileInformationByHandle
CD$@D
@A_A^A]A\_^]
@A_A^_
ta-in
CD$HH
.?AV?$moneypunct@G$00@std@@
__swift_3
SetFilePointerEx
A_A^_
cs-cz
(A^A\^[
|$PL;
l$ A*
VWATH
no buffer space
dnscache
.data
.?AV?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
es-ni
s WATAUAVAWH
M H1E
.idata$4
SetEvent
az-AZ-Latn
@USVWAWH
AP90~
vsdebugconsole.exe
RtlPcToFileHeader
operation not supported
?kxG2)
t$ UH
iu+-,
<>#n2
te-in
9Qn@&V%
FreeLibraryAndExitThread
d$@9L
mntrRGB XYZ
9p@u+
qS>g?h3
Sleep
no message available
readme.txt
L9=^F
HcE_L
SetFileAttributesW
f9,pu
A_A^A\
L$hf;
,I<%w
).9#x
tU;\$0tH
de-CH
fD9'u
tQfD9 tK
T$0H;
8A^_^[
J,H;T$8w-E3
D8|$`t
`vcall'
C847u
[yWA;
f9)u:H
$&&f$Y
south africa
en-ca
WaitForSingleObject
ar-ly
uz-UZ-Latn
f;\$Dr
RegSetValueExW
A^A]A\
api-ms-win-core-synch-l1-2-0.dll
<utK@:
.?AV?$collate@D@std@@
.?AV?$messages@G@std@@
fD9<Gu
spanish-guatemala
AcquireSRWLockExclusive
Saturday
_oD>Kg
fC94wu
ios_base::badbit set
LC_ALL
SetLastError
.?AVruntime_error@std@@
el-GR
es-bo
.idata$5
generic
xA_A^A]A\_^[]
norwegian-bokmal
@UATAUAVAWH
ar-SA
TryEnterCriticalSection
ar-SY
es-ve
.?AV?$numpunct@G@std@@
UWATAVAWH
?R0I?
GetStringTypeW
fr-mc
en-ZA
he-il
<security>
vKfffff
D$(H;
0A_A^A\_^[]
l$ VWAVH
kn-in
is-IS
mn-MN
D$49C
fD9$Ou
9\u6I
mi-NZ
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
uzKs@>
xXI96tSI
D;d$P}
/2GG>!B
`vector destructor iterator'
hA_A^A]A\_^][
GetModuleHandleW
`eh vector vbase copy constructor iterator'
canadian
nan(snan)
.CRT$XLZ
.rsrc$01
9t$Pu
south-africa
@USVWATAUAVH
N,sK,
T$4E:
south-korea
N3`d?
D$`L;
L$xE3
.text
GetCommandLineA
LocaleNameToLCID
address in use
0123456789-
mn-mn
power
~,*uEI
@8{(u
xh-za
)D$`H+^
Create
UnhandledExceptionFilter
sk-SK
ka-ge
ar-EG
u4I9}(
HcC H
__restrict
en-CA
CorExitProcess
GetProcessHeap
D8L$0uP
D$0HcH
CreateThread
j?V()
D$0H9D$8
snan)
PA_A^_^]
)D$ f
south korea
L|4f;
WakeConditionVariable
AUAVAWH
D$(H!L$ E3
{,D+{HD+
CoUninitialize
USVWAVH
u^D8N
network unreachable
d$ D!
new[]
.CRT$XIC
$Ib?s
<htl<jt\<lt4<tt$<wt
.?AV?$collate@_W@std@@
InitOnceExecuteOnce
@b;zO]
^<V7w
syr-SY
argument out of domain
T$ Lc
@>%>b
kernel32.dll
ms-BN
spanish-nicaragua
.data$rs
`local static guard'
GIMP built-in sRG
fD9d$pt+fD
:AM:am:PM:pm
COMSPEC
too many files open in system
:\tII
ios_base::eofbit set
sv-fi
8\uuE
8D$Xt
ar-MA
network down
CreateEventW
GetCurrentProcessId
GetDateFormatW
t$HH+
|$ D!
.rdata$voltmd
AppPolicyGetProcessTerminationMethod
.?AV?$numpunct@_W@std@@
pt-BR
D$PI;
hy-am
{ AUAVAWH
M.f(z
.?AVexception@std@@
directory not empty
FlushFileBuffers
LeaveCriticalSection
.text$mn$00
xOHcC
en-ie
x UATAUAVAWH
iostream
L$`f;
?7{KV
HHteH
GetCurrentProcess
:\u7I
@8~8t
@SVAVAWH
{$z6A
WideCharToMultiByte
@SVWH
(A_A^^[
belgian
es-hn
</trustInfo>
SystemParametersInfoW
!This program cannot be run in DOS mode.
D$8E3
.?AV?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
Windows
L$<;L$P
T$8H+
rOVdVGrd]d
.?AVbad_alloc@std@@
@A_A^A\
.tls$ZZZ
#t'fA
great britain
.CRT$XCL
A_A^A]_]
lt-lt
cdpsvc
A8M(u
es-MX
@8~0tM
</requestedPrivileges>
Win32_Process
host unreachable
A_A^_^]
.?AV?$_Mpunct@_W@std@@
PA__^[]
D$8H+
es-ec
@USVWATAVAWH
T$ E3
L9yHA
(D$@f
t;LcF
system
(D$`f
sessionenv
H;xXu5
<St[A:
""""""""""""""":33333C3kf
it-IT
https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/
%d / %m / %y
|$@I+
D$8L;C
HcG H
?UUUUUU
H+\$`H
FindFirstFileW
Public Domain
fo-FO
L9=V:
f|5h\
se-NO
CD$XfD
!l$ H
FlsGetValue
InitializeConditionVariable
M?H;MGs H
spanish-dominican republic
.?AVbad_array_new_length@std@@
de-ch
9)~P3
protocol not supported
IsValidCodePage
<vt{<x
serviceHub.host.clr.exe
D,H<
'L>[
.?AVstl_critical_section_win7@details@Concurrency@@
CT$8L
A^A]A\_^[]
GetUserDefaultLocaleName
iostream stream error
serviceHub.testWindowstorehost.exe
RoUninitialize
D8t$2u
v2!L.2
D$@fD
z@q_H
bad exception
ReadFile
`anonymous namespace'
@A_A^A\_^][
L$4+L$8
<:uyH
filename too long
<A\t}H
OUT.txt
uED8r(t
.CRT$XTA
LC_COLLATE
api-ms-win-core-localization-l1-2-1
ar-ye
x AUAVAWH
Syst3
^RfN>
D+\$0ff
?E=$% B
A{Xy^gv
__crt_strtox::floating_point_value::as_float
ar-qa
es-pe
da-dk
T$pt+H
u,!T$(H!T$
l$8@2
es-ar
no space on device
Class Hierarchy Descriptor'
GetConsoleMode
ms-bn
stream timeout
\c$\Windows\tmp.exe
D$XE3
UVWATAUAVAW
spanish-paraguay
pt-br
t$xt*3
is-is
f9,Fu
sv-SE
d?000000`?
ky-kg
fr-ch
too many symbolic link levels
c[9(tD
fr-FR
0123456789ABCDEFabcdef-+Xx
L$0Lc@
api-ms-win-core-processthreads-l1-1-2
C:\Windows\tmp.exe
se-SE
1#SNAN
.?AV?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
german-swiss
pt-pt
WriteFile
english-usa
T$89T$@
.text$x
`typeof'
de-li
swiss
__pascal
ms-MY
A__^
.?AV?$messages@_W@std@@
cy-gb
t$ E3
x AVAW
RtlVirtualUnwind
L$4+L$H
!AQaq0p@
no such process
H9\$X
`scalar deleting destructor'
atan2
l$4D8d$1u
zh-CN
GetCurrentPackageId
invalid argument
fD9;u
sk-sk
L$0E;
L$PE3
fB9<A}1L
jV+t*vD
smj-NO
RtlUnwindEx
d$XfD
unknown error
united-kingdom
bg-bg
\$PH+
t$8E3
es-gt
d$ E3
hA_A^A]A\_^[]
<}wRI
9>powf
dsajdhas.0
T$`fA;
.CRT$XCAA
0A_A^A]A\_
fE9<$u
success
8ke?;
D W?{W
eu-ES
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
@A_A^_^]
ExecMethod hres = %08x
american english
$dmdd
invalid seek
L$ I;
fD9't
D$Hf;
L$ VWAVH
resource unavailable try again
)>6{1n
text file busy
x AVH
L$XH3
__thiscall
no such file or directory
?f`Y4
D$ E3
t$PHc
@SWAUAVH
kk-KZ
WakeAllConditionVariable
ru-RU
.?AVout_of_range@std@@
D8d$@tNI
FreeConsole
Monday
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
ICC_PROFILE
D$@fA9
protocol error
de-LI
t$`fD9+t$I
DeviceIoControl
lkXKg'9Kf
WATAVH
t)IcV
remoteaccess
d$ H9r
lt-LT
gfffffffH
cs-CZ
T$HE:
f;\$Lr
D+A@H
+t;zV
kok-in
spanish-colombia
GetFullPathNameW
f9,Ju
@A^_^
SW@STv
TlsSetValue
Mutex detected
D$@Hc
8A_A^A]A\_^][
english-uk
:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
IsProcessorFeaturePresent
GetProcAddress
DecodePointer
HcEgH
T$@E;
@SWAVH
D8t$<tKI
l$pM+
,|0J,h
Hcu`M
InitializeCriticalSectionEx
tt-RU
H;XXs
H!T$0D
HeapAlloc
L9=+G
D8|$Ht
.?AVrange_error@std@@
connection aborted
CL:>8
D$xf;
delete[]
eHA_A^A]A\_^[]
L$xH3
argument list too long
api-ms-win-core-synch-l1-2-0
operation would block
identifier removed
A03>A|
AK>(v
is a directory
en-BZ
mL+7H
norwegian
@USVWAVH
VD$Pf
A]A\^][
es-PY
fr-CA
GetTimeZoneInformation
taL9Chu
nl-be
.idata$6
l$@L+
.?AV?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
es-cl
sq-al
l$4E3
RegCreateKeyExW
0123456789abcdefghijklmnopqrstuvwxyz
.?AV?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
D8l$ptGH
@USVWATAUAVAWH
interrupted
0A_A^_^]
.?AV?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@
united-states
L95Yo
sr-ba-latn
ar-BH
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
kok-IN
-BH>t
\$ UH
sr-SP-Latn
dnshostname
.?AV?$ctype@G@std@@
L$8H;
<:u~H
GetCurrentProcessorNumber
WaNd?
`8@N0
L$@;|
fD97t
read only file system
L$`;M
The data will be published on TOR website if you do not pay the ransom
])6M>&
;D$hsC
zh-hk
german-austrian
connection already in progress
VWATAUAVAWL
0A_A^A]
L9=F4
te-IN
l$hH+
id-id
iygE3
CoSetProxyBlanket
sv-FI
CoInitializeEx
Hc\$<A;
p;Y>u
!1qAQa
1#INF
es-HN
syr-sy
vi-vn
D$0f;
A^A\_
.?AV?$numpunct@D@std@@
L$HE;
CloseThreadpoolTimer
D$DE3
.xdata
log10
f9,~u
\$@fD
e0A_A^A]A\_^]
nl-nl
WriteConsoleW
(k<"%
FindVolumeClose
en-GB
Thursday
USVWAVAWH
`placement delete closure'
failed1
G H9G
L$ SH
ca-es
fr-BE
en-AU
uoA8]
APD9 ~
H!D$ I
et-EE
es-CR
bad allocation
wcmsvc
`eh vector vbase constructor iterator'
zY;>u:m
.text$yd
T$0H;T$8t,H
H+L$ xFH
zh-CHT
@SVAVH
H9=R%
DD$xH
fD94Au
american-english
1#IND
8\t!L
e0A^A]A\_^[]
@8~0t
@SUVWATAUAVH
|
registry filesystem process threading services device network synchronization crypto browser